NETWORKING

Job Seekers Asked For Facebook Passwords: Debate Roars

As part of the vetting process, some companies are asking job candidates to provide their Facebook credentials. Would you? Should you?

Facebook Apps In Action

(click image for larger view and for slideshow)

It's the job of your dreams. Your resume was one of those selected from among hundreds submitted. You've made it through a phone screener and then several in-person interviews with key company players. You can feel it--the job is yours. Now, all you have to do is provide your Facebook password.

Would you? Should you?

An Associated Press story picked up by the Boston Globe, among many other media outlets, tells the tale of a New York statistician who was surprised when asked by a job interviewer for his Facebook user name and password. The candidate withdrew his application, saying he didn't want to work for a company that would ask for such information. But this was apparently not an isolated incident. It's common practice for companies to check out job candidates' social media presence as part of the vetting process (hence, all those recommendations about not posting compromising photos, inflammatory comments, and the like), but as more and more people utilize Facebook's privacy controls to lock down their profiles, companies are apparently asking job candidates to give up the keys to their Facebook kingdoms.

Is that as invasive as it sounds? Yes, according to social media and HR experts contacted by The BrainYard, not to mention a group of Facebook users who responded with a resounding and collective "No way!" when asked on the social network itself if they would give up their password to get a job.

"I have heard about recruiters and hiring managers performing searches on social media channels when vetting out candidates, but directly asking for a password is akin to asking for the password to an employee's email account or other password-protected material," said Jake Wengroff, global director, social media strategy and research, Frost & Sullivan. "It is a clear invasion of privacy."

The fact that companies feel they can even ask is a sign that we're still in an employer's market, said Bruce Hurwitz, president and CEO of Hurwitz Strategic Staffing. "They think that in this market, they can do whatever they want," he said. "They don't need the candidates; the candidates need them. They think they can get away with it."

Ari Lightman, distinguished service professor, digital media and marketing, and director of the CIO Institute at Carnegie Mellon University, said the practice may be surprising but is in many ways understandable given the fact that we're dealing with newer technology where legal precedent has yet to be established.

"Employers and some colleges have been asking for Facebook passwords as a mechanism to better profile potential applicants," Lightman told The BrainYard. "From the employer perspective, they are trying to rule out any illicit behavior that would lead to diminished performance at work or dismissal. I don't think it is too prevalent, but the few cases are becoming very public, especially as watchdog groups like the ACLU become involved."

Lightman said he believes that it will eventually be deemed unlawful to require an applicant to provide a Facebook password as part of the recruitment process. But, in the meantime, what are applicants put in this awkward position supposed to do? Given the still-tight economy, would you hand over your password if asked during an interview?

"I would probably friend the interviewer, but hand over a password? I think not," said one Facebook user in response to this question.

"I would not. There's nothing on my wall or news feed I'd be embarrassed by, but who wants to work for a company that goes to such measures?" said another.

"No way, no how."

"No ... as I would not give my password to ANYONE."

"I would say have a nice day and leave."

"[It's] an invasion of privacy in my book. I don't think [the interviewer] would give me theirs if I asked.

"Not unless they have a court order! I don't want to work for ANYONE that much."

"NO WAY! If they want to know what I post, friend me, but anything else is a huge invasion! Plus, how do I know they won't post something that is totally inappropriate?

"No! I would tell them what they can do with their job, even if I were desperate for work."

Frost & Sullivan's Wengroff suggests a middle ground, as well as some general advice: "I would agree to walk a recruiter through my Facebook page that I signed in to, but I would not hand over the password," he said. "However, as a best-practice, job seekers--or anyone with a public-facing persona--should always think twice about posting, sharing and commenting on potentially objectionable content on Facebook. It shouldn't have to come down to a job interview to think twice about what you post on Facebook.

Would you give up your credentials under any circumstances? What do you see happening with regard to this issue moving forward? Please comment below or write me at debra.donstonmiller@gmail.com.

The Enterprise 2.0 Conference brings together industry thought leaders to explore the latest innovations in enterprise social software, analytics, and big data tools and technologies. Learn how your business can harness these tools to improve internal business processes and create operational efficiencies. It happens in Boston, June 18-21. Register today!

Reports

Comments

michael.firkser...

User Rank: Apprentice

Wed, 03/21/2012 - 14:22

re: Job Seekers Asked For Facebook Passwords: Debate Roars

I wouldn't even log on and walk through my Facebook page with an interviewer. How do I know they don't have a keystroke reader, so they can get my log on information that way. And even if I don't have any inappriopriate posts or pictures, what if the interviewer doesn't like a political or social group that I "LIKE". I wouldn't even friend them. What I have on a social media site is my personal business. What next? A webcam in my bedroom?

In cases like this I think it is useful to come up with a real-world analogy. I submit that handing over your Facebook (or Twitter, or whatever) login ID and password is analogous to handing over the key to your house. Would we let a potential employer walk around our house, opening drawers, looking at our letters, checking our diary, little black books, and contents of our liquor cabinet? I think not. (I just re-read the story and realized this very point is raised in the story by Orin Kerr of GWU, who calls it "an egregious privacy violation." Quite).

But who are these rumored employers anyway? The AP story has just two examples, only one of which names a specific organization (the Maryland Dept. of Public Safety and Correction). Is the story getting ahead of the game?

Wrong on a couple of different levels. Password sharing is illegal in a couple of places since sharing accounts makes the RIAA twitch and squirm and this, technically is account sharing. So in some instances a potential employer could be asking you to do something illegal. Next of course if a person decides to give up their FB password (or any social network account access) they are exposing their friends and relatives without permission or authorization...In the case of the article picked up by the Boston Globe there was also a pretty clear case of profiling, really stupid on the employer's part. Most firms that we work with, will do background checks but always with authorization of the person being checked. @NJ...check out the latest Wired, the NSA is already in your bedroom :-)

Yes, I will be glad to hand over the password to my Facebook account, at least the one set up to make me look like a shining employee that is. That way, they are happy, my privacy is still intact, and hopefully, I get the job.

No. And it reflects poorly on the company's security policies that they would even ask for access to an account not on their system. The correct response is for the candidate to ask the interviewer to reciprocate by giving the candidate a password to the CEO's email inbox and stored correspondence so that the candidate could check out what kind of character the leadership of the company has. Fair enough?

That's a security violation. Everybody knows that you're never to give anyone your user ID or password. DUHH!!! Seriously though, I would consider it an invasion of privacy and respectfully decline. I don't have anything to hide but I don't need everyone knowing all of my business. Should I give them my email credentials and a spare key to my house and car too? GET REAL!!!!

While it's puzzling a prospective employer would request login credentials to sign in as you in order to evaluate you for potential employment, in my opinion it's only Facebook and not your credit report or your college transcript. Actually logging in as you on social media should be reserved for high level government agency background checks and not run-of-the-mill employers. Potential employers should consider nothing more than having you friend them and affording the same privacy settings as friends. In actuality, there are plenty of other sources available online to determine candidate suitability that may reveal more than Facebook. One thing is for sure, prospective employers are pushing the envelope with regard to FCRA and other federal and state laws by requesting access to personal accounts effectively bypassing certain protections afforded individuals.

Any organization that thinks they need this and can't discuss appropriate professionalism with employees and candidates is just a poor organization regardless if they are corporate, non-profit, state/provincial or federal /national. This definitely shows laziness and lack of understanding of proper use of websites, privacy etc.

I don't understand how it is defensible. By law, prospective employers aren't allowed to ask age or other discriminatory questions. Yet most of this kind of information would be instantly available by viewing someone's Facebook account. Highly inappropriate, and I would think also highly illegal.

It's pretty ridiculous! Any company that would request access to your personal Facebook account is seriously behind the times and clearly doesn't understand the role and importance of the social media channels today. In fact, it could be used as an applicant screening question, because anyone dumb enough to give someone the username and password to their personal account is clearly willing to do anything in a given situation if it could potentially benefit them. I for one would like to see a website that keeps an up-to-date list of all the companies that have requested a job applicant's Facebook username and password. We can call it the 'Wall of Shame'! I think it would put a quick end to the use of that tactic, as it would be a reference site for job seekers to use to quickly rule out those companies. Then we'll see how much leverge they have once their total number of qualified applicants plummets! No one should have I waste their time with some lame organization stuck in the dark ages!

As far as social profile is considered ,most of the times people always try to resemble some thing different on there social profile than what they are as a person to be Great or to get more marketing of themself.So i wish good luck to the HR if they are more interested in the social profile than the real person who is sitting in front of you, and we should leave the de-scion to the person who is attending the interview whether he want to take the job with the company where the people doesnt belive in people but in Virtual Profile .

I've no problem with potential employer reading my facebook or blogs; in point of fact several of my employers have. I don't consider either of these private, if I restricted access to these that would be another story as I wouldn't give them access to a written personal diary.

Now asking for the password I think goes above and beyond rasonable. I guess I'd be o.k with it as long as they're willing to give me the password to corporate financial and legal accounts, their D&B account, etc. After all, they're trusting I'm acting legally and ethically, shouldn't I be able to verify the same regarding the company and Executive Officers...

Before this article, the last time I heard anyone was asking for your Facebook id and password was after Iranian rigged election in 2009 and the riots following that. Any Young Iranian who was entering the country at that time was asked by intelligent officers for Facebook id and password, to check if they have not posted anything against the government.

Unfortunately the current job market allows these companies to invade people's privacy, and the same time downgrade themselves to the level of the intelligent officers of countries like Iran and Syria.

I would never show my facebook page during an interview. My personal life and time is none of their business as I am being hired to work 8 hours a day, five days a week - baring any overtime.

The interview is a two way street as I am interviewing the person who is interviewing me to see if I want to work for them as much as they are seeing if I am a good fit for their business needs. Any place that asks such a backwards question would immediatley be written off in my book and the interview would be over as far as I was concerned.

Questions during an interview process like that show me it might not be a place I want to go to everyday. All they need to see is my portfolio, work experience and reccomendations. If there are still questions after a couple of indepth interviews it just wasn't meant to be.

As an Active Directory and Messaging Administrator in my organization, I've told other account admins in no uncertain terms that, if it were up to me, anyone who provides access to another person's account by changing the AD password should be terminated post haste. It violates the integrity of the environment and invalidates auditing. This situation seems similar to me.

Why would I work for a company that requests user passwords to access information as the user? It makes me question the policies of the company itself

I hope that candidates realize that they would be giving up far more than their Facebook password. Without even going into the privacy issues, there are larger dangers here. Because social login is becoming so common, the username and password they give up could allow login under their credentials to hundreds of sites.

Those who refuse to give up the information should be hired on the basis of being trustworthy: They probably wouldn't give up their company username and password, either.

One of the things that bothers me is subverting the whole notion of Facebook privacy controls (such as they are). It's one thing if people are pumping out public posts that would be embarrassing to the hiring organization. Think of the school board hiring a principal who commonly posts sexist jokes - I can see their interest in wanting to find out about that ahead of time.

On the other hand, if I want to post political comments just to contacts that share my political views and go to the trouble of tagging my contacts in FB, I may be doing that specifically to avoid publishing them to audiences such as potential employers who might not like my politics or wouldn't want to be associated with them.

People have a right to have a life outside of work, including a social media life. It's not easy in the digital world to keep your work and personal lives entirely separate, but I really hate to see the few tools that do exist for trying to be discrete undermined.

First you answer the question with a question. "I would like the account number and password information to your bank account that will allow me to make withdrawals and transfers. Sounds like a fair trade of information to me - Don't you think??"

Then, there has been, for many years, a practice in many european countries where people would have multiple cell phone accounts so their most personal of personal calls could never be traced. Same with Facebook - open up a new account before you start advertising that is simply an business profile and a copy of your resueme and a few pictures of your past work experiences.

If challenged by the prospective employer that it is not your real account, yhou simply say, my life IS my work..I am sure that is true for you as well and you will, right here and now, give me your facebook account and passwork to prove that your can pass the test as well.

Remember,. when interviewing NEVER BE TIMID - ACT LIKE YOU ARE ALREADY THEIR BOSS.

I just heard this on our local news station where they reported the practice as legal. I don't know which legal opinion substantiates that classification and would be interested in knowing which but, I would think it more accurate to classify it as "unregulated" which implies there is no legal precedence - yet. That said, there is not even reasoning within your company to hand over credentials to your personally identifiable company account and leave yourself open to personality theft by some fradulent trader to hide their actions (French case costing the company 5 billion), IT staff to abuse their position (San Francisco, Rome,...), or other likely misuse (Enrons of the world). So a discussion of giving up a private, personal account to prospective or even current employer evades any logic.

I have faith in the legal system that would and will eventually classify this as an invasion of legitimate expectation of the right to free speech and privacy. If I post it publically accessible, then the prospective employer can see it without access, if I post it in the semi private setting of social media (only friends) then I should have the same expectation of a one-to-many conversation at a ballgame with a friends (in as much as that can be private). It is my responsibility however to know and set that security in the social apps. Wengroff's recommendation I believe violates that right to privacy by eavesdropping (in the illegal sense akin to wiretapping or recording telephone calls without disclosure).

Part of my job is InfoSec. If asked this question, I would ask if this is the security standard that my potential work would be held to, that these are the lax policies I would be enforcing and being held responsible for. Pretty much regardless of their response, I would mock them before walking out. If I really wanted to be mean, I'd offer to leave a urine sample for them to drug test from.. on the interviewer's desk. Drug tests: that's a similar invasion of privacy as far as I'm concerned; I've heard no comparison to that, but it's so similar.

Snarky comments aside, I've understood from other articles on this subject that the jobs being interviewed for were municipal jobs: police force or 911 call centers, iirc. I wouldn't be applying to those jobs (let alone urinating on a desk in a police station). Those who do may very well expect this sort of invasive inquiry to be sure that they will be suitable and reliable for their position. Those applying to the jobs in question may well be drug tested as well, and they probably think nothing of that.

What I find completely absent in this 'roaring debate' is the opinion of those directly affected by the story. Opinions of those unaffected (as yet) are just as hypothetical as my snarky comment. I'm not there, and I can't be certain of my response until I'm in that position and could possibly need that job so desperately. Desperate people will do anything.

I view this as funny/hypocritical/possible needed "invasion of individual privacy"...If you owned a business, would you not want to avoid being slandered/humiliated/damaged by an employee. A fully vetting process is one method that employers that have a substantial amount to lose is one way to "attempt" at mitigating the possibility.

Nobody is perfect, but with the increase in media channels/outlets, one needs to be very careful where they share particular information. If I have something heinous to say/communicate I do my best to bite my cheek and think about how it may affect others.

I think Giakson's comments/references below would qualify why a proper/thorough vetting of candidates may be in order. Would you want your bank or the government to hire a very skilled programmer that regularly brags about their prowess in online forums such as Facebook regarding their ability to defraud/exploit systems?

And in my first comment I mention funny. Funny as this channel/thread of news is blowing up and going viral when this type of vetting if completed by just individuals might be completed soundly.

Clear answer is "No!". Do they want my email and voicemail password as well? How about a copy of my front door key to go with that? Want me to strip naked right here so that you can do a cavity search?If a company would ask me for that I'd get up and walk out of the interview. It is not a place I'd want to work at.

The question seems self-answering, if one follows it through to a logical conclusion: 'Think about the person who would be willing to provide that password, when that person is approached or interviewed by a competitor at some future time, would they hesitate to provide the organizations sysadmin passwords? customer lists? financials?

The ITRC reported over 22M reported data breeches last year http://www.idtheftcenter.org/a... and just last week 171,000 usernames and passwords from a military dating site were breached. Facebook breach number were elusive but I found a handful of "programs" online designed to compromise Facebook passwords. Often, on employment applications you agree to a credit/background/criminal checks and eventually give your new employer your SSN.

I offer two points: 1) If you don't want prying eyes to see something...don't post it anywhere and 2) If someone really wants your information in the cloud, they will likely get it, even with 128bit SSL encryption.

As a Lawyer told me once, "Never put anything in print unless you are willing to see it published on the front page of the NY Times or be embarrassed to have your Mom to read it"

That should also hold true for Social Media. In 2009 Proofpoint reported that in a survey 8% of fired employees were from a result of inappropriate postings http://blog.proofpoint.com/201...

Although, its inappropriate to ask for your personal username/password and I don't leave my keys in the ignition of my car either, I don't see what the uproar is about. I believe today's security focus has moved from the inevitable where,when and how (deterrence) to mitigating risk during the breech.(damage control)

This is a no brainer. I don't have a facebook account. Even if I had one I would refuse to do so and would ask to see the document where I offered it. This is dangerous 1st amendment area and you could sue, I believe.Once the company was known for this the people applying for jobs would dry up.

Any person is granted the freedom of speech. This should be consider a crime, companies that utilizes such unethical practices should be black-listed in open forums to avoid job seekers from even applying for the job.

Credibility is the first thing everyone should be looking at. I always take a quick research for a certain company before contacting them. http://20four7va.com/ would be one of the legit employment site i've seen.